/**
 * 
 */
package com.toncen.samepms.common;

import java.util.ArrayList;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.toncen.samepms.basic.domain.Organization;
import com.toncen.samepms.basic.domain.User;
import com.toncen.samepms.system.dao.RoleDao;
import com.toncen.samepms.system.domain.Role;
import com.toncen.samepms.util.RoleUtils;
import com.sky.common.clone.CloneUtils;
import com.sky.common.properties.PropertiesUtils;
import com.sky.common.string.StringUtils;

/**
 * 描述：可操作数据权限提供者基类
 * 
 * @author tch
 */
public abstract class AbstractAccessPermissionProvider {

	/**
	 * 可操作数据权限配置文件
	 */
	public final static String FILE_ACCESS_PERMISION = "/accesspermision.properties";

	/**
	 * 可操作数据权限提供者key
	 */
	public final static String KEY_ACCESS_PERMISION_PROVIDER = "AccessPermissionProvider";

	/**
	 * 超级管理员角色key
	 */
	public static final String KEY_ROLE_SUPER_ADMINISTRATOR = "Role.SuperAdministrator";

	/**
	 * 系统管理员角色key
	 */
	public static final String KEY_ROLE_SYSTEM_ADMINISTRATOR = "Role.SystemAdministrator";

	/**
	 * 组织管理员角色key
	 */
	public static final String KEY_ROLE_ORGANIZATION_ADMINISTRATOR = "Role.OrganizationAdministrator";

	/**
	 * 角色分隔符
	 */
	public final static String ROLE_SEPARATOR = ",";

	/**
	 */
	protected Log logger = LogFactory.getLog(this.getClass());

	/**
	 * 
	 */
	public AbstractAccessPermissionProvider() {
	}

	/**
	 * 获取角色数组
	 * 
	 * @param roles
	 * @return
	 */
	protected static long[] getRoles(String roles) {
		long[] lRoles = new long[] {};
		if (!StringUtils.isEmpty(roles)) {
			String[] sRoles = roles.split(ROLE_SEPARATOR,-1);
			lRoles = new long[sRoles.length];
			for (int i = 0; i < sRoles.length; i++) {
				if (!StringUtils.isEmpty(sRoles[i])) {
					lRoles[i] = Long.parseLong(sRoles[i]);
				}
			}
		}
		return lRoles;
	}

	/**
	 * @param roles
	 * @return
	 */
	protected static List<Role> getRoleList(String roles) {
		long[] lRoles = getRoles(roles);
		List<Role> roleList = new ArrayList<Role>();
		Role role = null;
		for (long r : lRoles) {
			role = new Role();
			role.setId(r);
			roleList.add(role);
		}
		return roleList;
	}

	/**
	 * 获取超级管理员组角色
	 * 
	 * @return
	 * @throws Exception
	 */
	public static List<Role> getSuperAdministrator() throws Exception {
		return getRoleList(PropertiesUtils.getParameter(FILE_ACCESS_PERMISION, KEY_ROLE_SUPER_ADMINISTRATOR));
	}

	/**
	 * 获取系统管理员组角色
	 * 
	 * @return
	 * @throws Exception
	 */
	public static List<Role> getSystemAdministrator() throws Exception {
		return getRoleList(PropertiesUtils.getParameter(FILE_ACCESS_PERMISION, KEY_ROLE_SYSTEM_ADMINISTRATOR));
	}

	/**
	 * 获取组织管理员组角色
	 * 
	 * @return
	 * @throws Exception
	 */
	public static List<Role> getOrganizationAdministrator() throws Exception {
		return getRoleList(PropertiesUtils.getParameter(FILE_ACCESS_PERMISION, KEY_ROLE_ORGANIZATION_ADMINISTRATOR));
	}

	/**
	 * 获取当前用户可操作数据类型权限集合
	 * 
	 * @param context
	 * @param user
	 * @param type
	 * @return
	 */
	public abstract List<AbstractDomain> getAccessPermissions(Object context, User user, String type) throws Exception;

	/**
	 * 获取当前用户可操作组织权限
	 * 
	 * @param context
	 * @param user
	 * @return
	 * @throws Exception
	 */
	protected List<Organization> getAccessOrganizationPermissions(Object context, User user) throws Exception {
		List<Organization> organizationList = new ArrayList<Organization>();
		if (RoleUtils.isRole(user, getSuperAdministrator())) {// 超级管理员

		} else if (RoleUtils.isRole(user, getSystemAdministrator())) {// 系统管理员

		} else if (RoleUtils.isRole(user, getOrganizationAdministrator())) {// 单位管理员
			organizationList.add(user.getOrganization());// 添加当前组织
			organizationList.addAll(user.getOrganization().getCascadeChilds());// 添加当前组织级联下级组织
		} else {// 其它
			organizationList.add(user.getOrganization());// 添加当前组织
		}
		return organizationList;
	}

	/**
	 * 获取当前用户可操作角色权限
	 * 
	 * @param context
	 * @param user
	 * @return
	 * @throws Exception
	 */
	@SuppressWarnings("unchecked")
	protected List<Role> getAccessRolePermissions(Object context, User user) throws Exception {
		RoleDao roleDao = new RoleDao();
		List<Role> allroles = (List) CloneUtils.deepClone(roleDao.getAllByState(1));
		if (RoleUtils.isRole(user, getSuperAdministrator())) {// 超级管理员

		} else if (RoleUtils.isRole(user, getSystemAdministrator())) {// 系统管理员
			allroles.removeAll(getSuperAdministrator());
		} else if (RoleUtils.isRole(user, getOrganizationAdministrator())) {// 单位管理员
			allroles.removeAll(getSuperAdministrator());
			allroles.removeAll(getSystemAdministrator());
		} else {// 其它
			allroles.removeAll(getSuperAdministrator());
			allroles.removeAll(getSystemAdministrator());
			allroles.removeAll(getOrganizationAdministrator());
		}
		return allroles;
	}

	/**
	 * 获取当前用户可操作用户权限
	 * 
	 * @param context
	 * @param user
	 * @return
	 * @throws Exception
	 */
	protected List<User> getAccessUserPermissions(Object context, User user) throws Exception {
		List<User> userList = new ArrayList<User>();
		if (RoleUtils.isRole(user, getSuperAdministrator())) {// 超级管理员

		} else if (RoleUtils.isRole(user, getSystemAdministrator())) {// 系统管理员

		} else if (RoleUtils.isRole(user, getOrganizationAdministrator())) {// 单位管理员
			List<Organization> organizationList = new ArrayList<Organization>();
			organizationList.add(user.getOrganization());// 添加当前组织
			organizationList.addAll(user.getOrganization().getCascadeChilds());// 添加当前组织级联下级组织
			for (Organization organization : organizationList) {
				userList.addAll(organization.getUsers());// 添加组织的全部用户
			}
		} else {// 其它
			userList.add(user);// 添加当前用户
		}
		return userList;
	}

}
